- Create root file system image
cd $IMAGE/
wget https://raw.githubusercontent.com/google/syzkaller/master/tools/create-image.sh -O create-image.sh
chmod +x create-image.sh
./create-image.sh
-d buster for Debian 10, and -s 16384 for larger disk size.
- Kernel configuration
CONFIG_CONFIGFS_FS=y
CONFIG_SECURITYFS=y
CONFIG_KGDB=y
CONFIG_DEBUG_INFO=y
- Failed to start Raise network interfaces?
root@syzkaller:~# cat /etc/network/interfaces
# interfaces(5) file used by ifup(8) and ifdown(8)
# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d
auto eth0
iface eth0 inet dhcp
If the interface name from network/interfaces is dirfferent from the output of
ip a, then add the following udev rule.
root@syzkaller:~# cat /etc/udev/rules.d/10-rename-network.rules
SUBSYSTEM=="net", ACTION=="add", ATTR{address}="52:54:00:12:34:56", NAME="eth0"
- QEMU
qemu-system-x86_64 \
-m 4G \
-smp 8 \
-kernel `pwd`/arch/x86/boot/bzImage \
-append "root=/dev/sda earlyprintk=serial rdinit=/bin/sh kgdboc=ttyS0,115200 kgdbwait rodata=off nokaslr" \
-drive file=`pwd`/../stretch.img,format=raw \
-net user,host=10.0.2.10,hostfwd=tcp:127.0.0.1:10021-:22 \
-net nic,model=e1000 \
-enable-kvm -serial tcp::1234,server,nowait
If rodata=off nokaslr is not given, then you will not be able to set breakpoints with gdb.
- Set gdb target
(gdb) target remote localhost:1234
- Trigger breakpoint
# echo g > /proc/sysrq-trigger
Then it invokes kgdb_breakpoint.